CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2782 matches found

Open WebUI < 0.9.5 - Information Disclosure

Open WebUI 0.9.5 contains an information disclosure vulnerability caused by unauthenticated access to GET /api/v1/retrieval/ endpoint, letting remote attackers retrieve live RAG pipeline configuration without authorization, exploit requires no authentication. id: CVE-2026-45397 info: name: Open...

5.3CVSS5.8AI score0.00039EPSS

Exploits1References3

Nuclei•added 16 hours ago•9 views

LoLLMs WEBUI - Server-Side Request Forgery

LoLLMs WEBUI contains a server-side request forgery caused by unauthenticated access to the /api/proxy endpoint, letting attackers force the server to make arbitrary GET requests, exploit requires no authentication. id: CVE-2026-33340 info: name: LoLLMs WEBUI - Server-Side Request Forgery author:...

9.1CVSS5.9AI score0.09402EPSS

Exploits3References2

Nuclei•added 16 hours ago•20 views

Loytec LGATE-902 <6.4.2 - Local File Inclusion

Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability. id: CVE-2018-14916 info: name: Loytec LGATE-902 6.4.2 - Local File Inclusion author: 0xAkoko severity: critical description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion...

9.4CVSS7.3AI score0.67293EPSS

Exploits3References5

Nuclei•added 16 hours ago•8 views

LoLLMS WebUI < 9.8 - Path Traversal

parisneo/lollms-webui contains a path traversal caused by improper handling of 'category' parameter in /listpersonalities endpoint, letting attackers list arbitrary directories, exploit requires control over 'category' parameter. id: CVE-2024-4322 info: name: LoLLMS WebUI 9.8 - Path Traversal...

7.5CVSS7.2AI score0.45155EPSS

Exploits1References2

Nuclei•added 16 hours ago•28 views

Stable Diffusion Webui 1.10.0 - Open Redirect

An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...

6.1CVSS6.3AI score0.01047EPSS

Exploits1References1

Nuclei•added 16 hours ago•11 views

LOLLMS WebUI - Absolute Path Traversal

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

7.5CVSS7.2AI score0.11253EPSS

Exploits1References3

Nuclei•added 16 hours ago•39 views

LoLLMS WebUI - Subfolder Prediction via Path Traversal

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'addreferencetolocalmode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. id: CVE-2024-4841 info: name: LoLLMS WebUI - Subfolder Prediction via Path...

4CVSS5.8AI score0.08457EPSS

Exploits1

Nuclei•added 2 days ago•31 views

Aria2 WebUI - Path traversal

webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. id: CVE-2023-39141 info: name: Aria2 WebUI - Path traversal author: DhiyaneshDk severity: high description: | webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. impact: | An attacker...

7.5CVSS7.1AI score0.85587EPSS

Exploits1References5

NVD•added 5 days ago•9 views

CVE-2025-41276

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.8CVSS0.00261EPSS

Exploits0References1

NVD•added 5 days ago•7 views

CVE-2025-41277

9.8CVSS0.00261EPSS

Exploits0References1

NVD•added 5 days ago•10 views

CVE-2025-41272

9.8CVSS0.00261EPSS

Exploits0References1

NVD•added 5 days ago•6 views

CVE-2025-41269

9.8CVSS0.00261EPSS

Exploits0References1

NVD•added 5 days ago•7 views

CVE-2025-41271

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...

8.7CVSS0.00065EPSS

Exploits0References1

NVD•added 5 days ago•9 views

CVE-2025-41274

9.8CVSS0.00261EPSS

Exploits0References1

NVD•added 5 days ago•7 views

CVE-2025-41270

9.8CVSS0.00261EPSS

Exploits0References1

NVD•added 5 days ago•6 views

CVE-2025-41275

9.8CVSS0.00261EPSS

Exploits0References1

NVD•added 5 days ago•8 views

CVE-2025-41267

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.5CVSS0.00217EPSS

Exploits0References1

Cvelist•added 5 days ago•25 views

CVE-2025-41279

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS0.00217EPSS

Exploits0References1